Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4901 | 1 Squiz | 1 Mysource Matrix | 2013-01-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter. | |||||
CVE-2010-5273 | 1 Altova | 1 Diffdog 2011 | 2013-01-03 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise Edition SP1 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .dbdif file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-1249 | 2 Google, Lunascape | 2 Android, Ilunascape Android | 2013-01-03 | 5.0 MEDIUM | N/A |
The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application. | |||||
CVE-2012-0295 | 1 Symantec | 1 Endpoint Protection | 2013-01-03 | 9.3 HIGH | N/A |
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. | |||||
CVE-2011-5087 | 1 Adastra | 1 Trace Mode Data Center | 2013-01-03 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CANVAS. | |||||
CVE-2006-0218 | 1 Mybb | 1 Mybb | 2013-01-02 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603. | |||||
CVE-2006-0633 | 1 Invisionpower | 1 Invision Power Board | 2013-01-02 | 6.4 MEDIUM | N/A |
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | |||||
CVE-2006-0697 | 1 Zen-cart | 1 Zen Cart | 2013-01-02 | 10.0 HIGH | N/A |
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests. | |||||
CVE-2007-5557 | 1 Nec | 1 Mobile Handset | 2013-01-02 | 7.8 HIGH | N/A |
Unspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2008-1114 | 1 Vocera | 1 Wireless Handset | 2013-01-02 | 4.3 MEDIUM | N/A |
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
CVE-2008-3981 | 1 Oracle | 1 Secure Backup | 2013-01-02 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | |||||
CVE-2011-5024 | 1 Gnu | 1 Mailman | 2013-01-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter. | |||||
CVE-2011-5251 | 1 Vbulletin | 1 Vbulletin | 2013-01-02 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. | |||||
CVE-2012-5654 | 2 Drupal, Nodewords Project | 2 Drupal, Nodewords | 2013-01-02 | 4.3 MEDIUM | N/A |
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags. | |||||
CVE-2012-5666 | 1 Owncloud | 1 Owncloud | 2013-01-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php. | |||||
CVE-2012-6080 | 1 Moinmo | 1 Moinmoin | 2013-01-02 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name. | |||||
CVE-2012-6470 | 1 Opera | 1 Opera Browser | 2013-01-02 | 9.3 HIGH | N/A |
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image. | |||||
CVE-2012-6466 | 1 Opera | 1 Opera Browser | 2013-01-02 | 5.0 MEDIUM | N/A |
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas. | |||||
CVE-2012-6465 | 1 Opera | 1 Opera Browser | 2013-01-02 | 9.3 HIGH | N/A |
Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image. | |||||
CVE-2012-6463 | 1 Opera | 1 Opera Browser | 2013-01-02 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs. |